Shooting the Windows Messenger Service

On November 6, the Federal Trade Commission (FTC) warmed the hearts of
anti-spammers everywhere when it convinced a U.S. District Court to issue a temporary
restraining order shutting down a spamming company for using the Windows Messenger
Service to deliver unwanted pop-ups. In taking its action, the FTC threw a spotlight on
one of the most recent and most obnoxious kinds of pop-ups in the spammers' arsenal.
These particularly nefarious pop-ups used the Windows Messenger Service to deliver text
pop-ups to people's desktops, even if they weren't running a browser.

In this article, I will show you what you can do to protect yourself from this type of
spam. But, first, let's take a brief look at the FTC complaint.

The FTC Action

The FTC
complaint was issued against D Squared Solutions, LLC, based in San Diego, California, and its officers Anish Dhingra and Jeffrey Davis. Howard Beales, Director of the FTC's
Bureau of Consumer Protection, called what the company did "nothing more than a high-tech
version of a classic scam." According to the complaint, the spammers would deluge
people with pop-ups, sending them to each person as frequently as every ten minutes. The
pop-ups would advertise, you guessed it, software that would kill the pop-ups. Talk
about chutzpah! In addition, the complaint alleges, the web site run by D Squared
offered to sell software that would allow anyone to blast pop-ups to 135,000 Internet
addresses every hour and included a database of more than 2 billion unique
addresses.

If you're interested, you can read the press release about the
complaint. And if you'd like to file a complaint against a spammer, use the FTC's online
complaint form. Or you can bypass the complaint form and instead forward the
spam directly to the FTC at UCE@FTC.GOV.

So What's Going On?

First, a caveat: The Windows Messenger
Service bears no relation to Windows Messenger or to any other instant messenger for
that matter. The Windows Messenger
Service was designed for sending messages over local area networks.
For example, whenever you get a text message from a network administrator telling you that a server
is about to go down, the Windows Messenger Service is at work.

However, a little more than a year ago spammers of all kinds discovered that they could use Windows Messenger Service to blast their text-based pop-up messages to millions of IP addresses
across the Internet. Recipients of the messages have been baffled by the pop-ups because
the pop-ups are not connected to a browser or to any other application, for that matter.
You don't need to be surfing the Web to get them. You only need to be connected to the
Internet. Cable users and DSL users were particularly prone to them because those users
have always-on connections.

How bad have they become? Several months ago I bought a new laptop and
within ten minutes of plugging it into my home router the first pop-ups began
appearing.

What Can You Do?

Luckily, it's easy to kill these pop-ups in XP, as I outline in my book
Windows XP Hacks. To do so, you'll have to disable the Windows Messenger Service.
Run the Microsoft Management Console by typing in services.msc at a command prompt, or via
the run box, and pressing Enter. Double-click on the entry for Messenger, and the screen
shown in Figure 1 appears. Choose Disabled as the Startup type, and click OK. Pop-ups
will no longer get through. Of course, neither will any network messages from
administrators delivered using the service; because of spam, though, the service is being used
much less frequently than before. In fact, when Microsoft delivers its next XP service
pack, the pack will disable the Windows Messenger Service. So, if you want to use it after
that, you'll have to turn it on manually using the Microsoft Management Console.

Figure 1. Choose Disabled as the Startup type, and you'll be free of Windows
Messenger spam.

The Windows Messenger Service uses port 135 to deliver messages, so you can
kill messages without disabling the service in XP. Instead, you can disable port 135 so that no
inbound Internet traffic can use that port to deliver messages. Obviously, how you do this
varies according to your network setup. But if you're using a Linksys router at home, go
to the router administrator screen and choose Advanced -> Filters. In the Filtered Private
Port Range, choose both and for the range type, type in 135 twice. Click on Apply. The pop-ups should now be disabled. You can also disable that port using a firewall called XP's
Internet Connection Firewall, or ZoneAlarm, from ZoneLabs.

Editor's note: For more details on disabling the Windows Messenger Service, check out Hack #33, "Stop Pop Up, Spyware and Web Bugs" in Windows XP Hacks. You'll also find out how to install firewalls — another way to kill the pop-ups. If you're a Windows XP power user, be sure to check out the 99 other really cool and timely XP hacks in Preston's book.